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Title: (U) Meeting with [J regarding Blackbyte 
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re:| | 09/27/2021 


the Depariraent of Homeland 
network had been infected with Blackbyte Ransomware. The IT 


meeting with th 


Security and the FBI confirmed thai al 
nersonnel that responded fo the incident isciated the network and immediately began te work an remediation. All of the 
infected devices were wiped and were restored fram backups. No evidence is available for recovery. No contact was 
made with the attackers. No ransom was paid. The network has been restored. Following the meeting, athempts to contact 


wers unsuccessiul 
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Case ID #: [ e] (U) INVESTIGATIONS - ZERO FILE aun 
; : ‘ b6 
Synopsis: (U) Meeting wtf OOOO O regarding Blackbyte b7c 


Ransomware attack 


Details: 


held a virtual b6 


On September 24, 


2021, 


meeting with the the Department of Homeland Bic 
Security, FBI TFO advised the following: 

The subiectis who conduced the Blackbyte Ransomware attack may have exfitrated data from th rotor, b6 
There has beer no “proof oi fife” or hard evidence to support any claims that data was exfiltrated from the network. The Bie 
ransom note received on 9/19/21 by the that demanded a ransom for the compromised data 

or ihe gaia would be publicly postad in 4 days. Farensic images were taken of the backups used to restore the 

compromised network anc an initial analysis of those images show that the network may nave been compromised as 

early as August 19, 20271. Any further evidence collected to include forensic images will he shared with iaw enforcement, 

This meeting was a follow up fo the captured below. it should be noted that S has made b6 
mulipis attempts to contact the no th ithout ree 


Success. 


September 19, 2021, sf | received notification vie emali regarding a Ransomware attack on thef | b6 
webwork. Muligle atiemots to reach the wera b7C 


held a vidual 


unsuccessful, On 9/20/21, the 
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